Cisco DNA Center Installation guide

Brand: Cisco

Model: DNA Center

Category: Networking

Type: Installation guide

Cisco DNA Center First-Generation Appliance Installation Guide,

Release 2.1.2

First Published: 2020-08-31

Americas Headquarters

Cisco Systems, Inc.

170 West Tasman Drive

San Jose, CA 95134-1706

USA

http://www.cisco.com

Tel: 408 526-4000

800 553-NETS (6387)

Fax: 408 527-0883

Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL:

https://www.cisco.com/c/en/us/about/legal/trademarks.html. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a

partnership relationship between Cisco and any other company. (1721R)

CONTENTS

Review the Cisco DNA Center Appliance Features 1

CHAPTER 1

Appliance Hardware Specifications 1

Front and Rear Panels 2

Physical Specifications 8

Environmental Specifications 9

Power Specifications 10

10 Gigabit Ethernet Switches 11

Plan the Deployment 13

CHAPTER 2

Planning Workflow 13

Cisco DNA Center and Cisco Software-Defined Access 14

Interface Cable Connections 14

Required IP Addresses and Subnets 17

Interface Names and Wizard Configuration Order 20

Required Internet URLs and Fully Qualified Domain Names 21

Provide Secure Access to the Internet 24

Required Network Ports 24

Required Ports and Protocols for Cisco Software-Defined Access 26

Required Configuration Information 33

Required First-Time Setup Information 34

Install the Appliance 37

CHAPTER 3

Appliance Installation Workflow 37

Unpack and Inspect the Appliance 37

Review the Installation Warnings and Guidelines 38

Review the Rack Requirements 39

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

iii

Connect and Power On the Appliance 39

Check the LEDs 39

Prepare the Appliance for Configuration 43

CHAPTER 4

Preparation for Appliance Configuration Overview 43

Enable Browser Access to Cisco Integrated Management Controller 43

Execute Preconfiguration Checks 48

Reimage the Appliance 55

Verify the Cisco DNA Center ISO Image 55

Create a Bootable USB Drive 56

Using Etcher 56

Using the Linux CLI 57

Using the Mac CLI 57

Install the Cisco DNA Center ISO Image 58

Configure the Appliance 61

CHAPTER 5

Appliance Configuration Overview 61

Configure the Primary Node 61

Configure Add-On Nodes 75

Upgrade to the Latest Cisco DNA Center Release 90

Complete First-Time Setup 91

CHAPTER 6

First-Time Setup Workflow 91

Compatible Browsers 91

Integrate Cisco ISE with Cisco DNA Center 94

Group-Based Access Control: Policy Data Migration and Synchronization 97

Configure Authentication and Policy Servers 99

Configure SNMP Properties 101

Troubleshoot the Deployment 103

CHAPTER 7

Troubleshooting Tasks 103

Log Out 103

Reconfigure the Appliance Using the Configuration Wizard 104

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Contents

Power-Cycle the Appliance 105

Using the Cisco IMC GUI 106

Using SSH 106

Review High Availability Cluster Deployment Scenarios 109

APPENDIX A

New HA Deployment 109

Existing HA Deployment of the Primary Node with Standard Interface Configurations 110

Existing HA Deployment of Primary Node with Nonstandard Interface Configurations 110

Activate High Availability 111

Additional HA Deployment Considerations 111

Telemetry 111

Wireless Controller 112

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Contents

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Contents

CHAPTER 1

Review the Cisco DNA Center Appliance

Features

•Appliance Hardware Specifications, on page 1

•Front and Rear Panels, on page 2

•Physical Specifications, on page 8

•Environmental Specifications, on page 9

•Power Specifications, on page 10

•10 Gigabit Ethernet Switches, on page 11

Appliance Hardware Specifications

Cisco supplies Cisco Digital Network Architecture (DNA) Center in the form of a rack-mountable, physical

appliance. The first-generation Cisco DNA Center appliance (Cisco part number DN1-HW-APL) consists of

a Cisco Unified Computing System (UCS) C220 M4 small form factor (SFF) chassis, with the addition of a

Virtual Interface Card (VIC) 1227 in the mLOM slot. The Cisco DNA Center software image is preinstalled

on the appliance, but must be configured for use.

The following table summarizes the appliance's hardware specifications.

DescriptionFeature

One rack-unit (1RU) chassisChassis

Two 22-core Intel Xeon E5-2699 v4 2.20 GHz processorsProcessors

Eight 32-GB DDR4 2400 MHz registered DIMMs (RDIMMs)Memory

• Six 1.9-TB, 2.5-inch Enterprise Value 6G SATA solid state drives (SSDs)

• Two 480-GB, 2.5-inch Enterprise Value 12G SATA SSDs

Storage

• RAID 1 on slots 1 through 4

• RAID 10 on slots 5 through 8

Disk Management (RAID)

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

DescriptionFeature

Supported connectors:

• Two 10-Gbps Ethernet ports on the Cisco UCS VIC 1227

• One 1-Gbps Ethernet dedicated management port

• Two 1-Gbps BASE-T Ethernet LAN ports

The following connectors are available but not typically used in the day-to-day

operation of Cisco DNA Center:

• One RS-232 serial port (RJ-45 connector)

• One 15-pin VGA2 connector

• Two USB 3.0 connectors

•One front-panel KVM connector that is used with the KVM cable, which provides

two USB 2.0, one VGA, and one serial (DB-9) connector

Network and Management I/O

• Two 770-W AC power supplies

• Redundant as 1+1

Power

Six hot-swappable fan modules for front-to-rear coolingCooling

Video Graphics Array (VGA) video resolution up to 1920 x 1200, 16 bpp at 60 Hz,

and up to 256 MB of video memory

Video

Front and Rear Panels

The following figures and tables describe the front and rear panels of the 44 core Cisco DNA Center appliance.

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Review the Cisco DNA Center Appliance Features

Front and Rear Panels

Figure 1: Appliance Front Panel

DescriptionComponent

A total of eight drives are available on the appliance:

• Six 1.9 TB SATA SSD

• Two 480 GB SAS SSD

Each installed drive bay has a fault LED and an activity LED.

When the drive fault LED is:

• Off: The drive is operating properly.

• Amber: The drive has failed.

• Amber, blinking: The drive is rebuilding.

When the drive activity LED is:

• Off: There is no drive in the sled (no access, no fault).

• Green: The drive is ready.

• Green, blinking: The drive is reading or writing data.

Pull-out asset tag2

Operations sub-panel buttons and LEDs. LED states for these buttons and the conditions

they indicate are described in the following entries.

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Review the Cisco DNA Center Appliance Features

Front and Rear Panels

DescriptionComponent

Power button/power status LED. When the LED is:

• Off: There is no AC power to the appliance.

• Amber: The appliance is in standby power mode. Power is supplied only to the Cisco

Integrated Management Controller (CIMC) and some motherboard functions.

• Green: The appliance is in main power mode. Power is supplied to all the server

components.

Unit identification button and LED. When the LED is:

• Blue: Unit identification is active.

• Off: Unit identification is inactive.

System status LED. When the LED is:

• Green: The appliance is running in a normal operating condition.

• Green, blinking: The appliance is performing system initialization and memory

checks.

• Amber, steady: The appliance is in a degraded operational state, which may be due

to one or more of the following causes:

• Power supply redundancy is lost.

• CPUs are mismatched.

• At least one CPU is faulty.

• At least one DIMM is faulty.

• At least one drive in a RAID configuration failed.

• Amber, blinking: The appliance is in a critical fault state, which may be due to one

or more of the following:

• Boot failed.

• Fatal CPU and/or bus error was detected.

• Server is in an over-temperature condition.

Fan status LED. When the LED is:

• Green: All fan modules are operating properly.

• Amber, steady: One fan module has failed.

• Amber, blinking: Critical fault, two or more fan modules have failed.

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Review the Cisco DNA Center Appliance Features

Front and Rear Panels

DescriptionComponent

Temperature status LED. When the LED is:

• Green: The appliance is operating at normal temperature.

•Amber, steady: One or more temperature sensors have exceeded a warning threshold.

•Amber, blinking: One or more temperature sensors have exceeded a critical threshold.

Power supply status LED. When the LED is:

• Green: All power supplies are operating normally.

• Amber, steady: One or more power supplies are in a degraded operational state.

• Amber, blinking: One or more power supplies are in a critical fault state.

Network link activity LED. When the LED is:

• Green, blinking: One or more Ethernet LOM ports are link-active, with activity.

• Green: One or more Ethernet LOM ports are link-active, but there is no activity.

• Off: The Ethernet link is idle.

KVM connector. Used with a KVM cable that provides two USB 2.0, one VGA, and one

serial connector.

Figure 2: Appliance Rear Panel

DescriptionComponent

Grounding-lug hole (for DC power supplies)1

PCIe riser 1/slot 12

PCIe riser 2/slot 23

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Review the Cisco DNA Center Appliance Features

Front and Rear Panels

DescriptionComponent

Power supplies (up to two: redundant as 1+1). Each power supply has a power supply

fault LED and an AC power LED.

When the fault LED is:

• Off: The power supply is operating normally.

• Amber, blinking: An event warning threshold has been reached, but the power

supply continues to operate.

• Amber, solid: A critical fault threshold has been reached, causing the power supply

to shut down (for example, a fan failure or an over-temperature condition).

When the AC Power LED is:

• Green, solid: AC power is OK, DC output is OK.

• Green, blinking: AC power is OK, DC output is not enabled.

• Off: There is no AC power to the power supply.

For more details, see Power Specifications.

10-Gbps Cluster Port (Port 2, enp10s0, Network Adapter 1): This is the second 10-Gbps

port on the Cisco Virtual Interface Card (VIC) 1227 in the appliance mLOM slot. The

rear panel labels it Port 2 and the Maglev Configuration wizard identifies it as enp10s0

and Network Adapter 1. Connect this port to a switch with connections to the other nodes

in the Cisco DNA Center cluster.

This port has a link status (ACT) LED and a link speed (LINK) LED.

When the link status LED is:

• Green, blinking: Traffic is present on the active link.

• Green: Link is active, but there is no traffic present.

• Off: No link is present.

When the link speed LED is:

• Green: Link speed is 10 Gbps.

• Amber: Link speed is 1 Gbps.

• Off: Link speed is 100 Mbps or less.

The enterprise and cluster ports must operate at 10 Gbps only.

Note

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Review the Cisco DNA Center Appliance Features

Front and Rear Panels

DescriptionComponent

10-Gbps Enterprise Port (Port 1, enp9s0, Network Adapter 4): This is the first 10-Gbps

port on the Cisco Virtual Interface Card (VIC) 1227 in the appliance mLOM slot. The

rear panel labels it Port 1 and the Maglev Configuration wizard identifies it as enp9s0

and Network Adapter 4. Connect this port to a switch with IP reachability to the

networking equipment that Cisco DNA Center will manage.

This port has a link status (ACT) LED and a link speed (LINK) LED.

When the link status LED is:

• Green, blinking: Traffic is present on the active link.

• Green: Link is active, but there is no traffic present.

• Off: No link is present.

When the speed LED is:

• Green: Link speed is 10 Gbps.

• Amber: Link speed is 1 Gbps.

• Off: Link speed is 100 Mbps or less.

The Cisco DNA Center appliance enterprise and cluster ports must operate

at 10 Gbps only.

Note

Two USB 3.0 ports7

1-Gbps CIMC Port (M): This is the embedded port to the right of the two USB ports and

to the left of the RJ45 serial port. The back panel labels it M and you assign an IP address

to it when you enable browser access to the appliance's CIMC GUI (see Enable Browser

Access to Cisco Integrated Management Controller). This port is reserved for out-of-band

(OOB) management of the Cisco DNA Center appliance chassis and software. Connect

this port to a switch that provides access to your dedicated OOB enterprise management

network.

This port has a link status LED and a link speed LED. When the link status LED is:

• Green, blinking: Traffic is present on the active link.

• Green: Link is active, but there is no traffic present.

• Off: No link is present.

When the speed LED is:

• Green: Link speed is 1 Gbps.

• Amber: Link speed is 100 Mbps.

• Off: Link speed is 10 Mbps or less.

Serial port (RJ-45 connector)9

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Review the Cisco DNA Center Appliance Features

Front and Rear Panels

DescriptionComponent

1-Gbps Cisco DNA Center GUI Port (1, enp1s0f0, Network Adapter 2): This is the first

Intel i350 1Gb Ethernet controller port. It is embedded on the appliance motherboard.

The rear panel labels it 1and the Maglev Configuration wizard identifies it as enp1s0f0

and Network Adapter 2. Connect this port to a switch that provides access to your

dedicated enterprise management network.

This port has a link status LED and a link speed LED. When the status LED is:

• Green, blinking: Traffic is present on the active link.

• Green: Link is active, but there is no traffic present.

• Off: No link is present.

When the speed LED is:

• Green: Link speed is 1 Gbps.

• Amber: Link speed is 100 Mbps.

• Off: Link speed is 10 Mbps or less.

1-Gbps Cloud Port (2, enp1s0f1, Network Adapter 3): This is the second embedded

1Gbps Ethernet controller port. The rear panel labels it 2and the Maglev Configuration

wizard identifies it as enp1s0f1 and Network Adapter 3. This port is optional. It is used

for connecting to the Internet when it is not possible to do so via the 10-Gbps enterprise

port (Port 1, enp9s0, Network Adapter 4).

This port has a link status LED and a link speed LED. When the link status LED is:

• Green, blinking: Traffic is present on the active link.

• Green: Link is active, but there is no traffic.

• Off: No link is present.

When the speed LED is:

• Green: Link speed is 1 Gbps.

• Amber: Link speed is 100 Mbps.

• Off: Link speed is 10 Mbps or less.

VGA video port (DB-15). This panel area around this port is blue.12

Blue LED locator button13

Physical Specifications

The following table lists the physical specifications for the appliance.

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Review the Cisco DNA Center Appliance Features

Physical Specifications

Table 1: Physical Specifications

SpecificationDescription

1.7 in. (4.32 cm)Height

16.89 in. (43.0 cm)

Including handles:

18.98 in. (48.2 cm)

Width

29.8 in. (75.6 cm)

Including handles:

30.98 in. (78.7 cm)

Depth (length)

3 in. (76 mm)Front Clearance

1 in. (25 mm)Side Clearance

6 in. (152 mm)Rear Clearance

37.9 lb. (17.2 kg)Maximum weight (fully loaded chassis)

Environmental Specifications

The following table lists the environmental specifications for the Cisco DNA Center appliance.

Table 2: Environmental Specifications

SpecificationDescription

41 to 95°F (5 to 35°C)

Derate the maximum temperature by 1°C for every

1000 ft. (305 meters) of altitude above sea level.

Temperature, operating

–40 to 149°F (–40 to 65°C)Temperature, nonoperating (when the appliance is

stored or transported)

10 to 90%, noncondensing at 82°F (28°C)Humidity (RH), operating

5 to 93% at 82°F (28°C)Humidity, nonoperating

0 to 10,000 ft. (0 to 3,000 m)Altitude, operating

0 to 40,000 ft. (0 to 12,192 m)Altitude, nonoperating (when the appliance is stored

or transported)

5.4Sound power level, measure A-weighted per ISO7779

LwAd (Bels), operation at 73°F (23°C)

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Review the Cisco DNA Center Appliance Features

Environmental Specifications

SpecificationDescription

37Sound pressure level, measure A-weighted per

ISO7779 LpAm (dBA), Operation at 73°F (23°C)

Power Specifications

The specifications for the two 770 W AC power supplies (Cisco part number UCSC-PSU1-770W) provided

with the Cisco DNA Center appliance are listed in the table below.

Table 3: AC Power Supply Specifications

SpecificationDescription

Nominal range: 100–120 VAC, 200–240 VAC

Range: 90–132 VAC, 180–264 VAC

AC input voltage

Nominal range: 50 to 60 Hz

(Range: 47–63 Hz)

AC input frequency

9.5 A at 100 VAC

4.5 A at 208 VAC

Maximum AC input current

950 VA at 100 VACMaximum input volt-amperes

770 W at 100–120 VACMaximum output power per PSU

15 A at 35° CMaximum inrush current

12 ms at 770 WMaximum hold-up time

12 VDCPower supply output voltage

12 VDCPower supply standby voltage

Climate Savers Platinum Efficiency (80Plus Platinum

certified)

Efficiency rating

RSP2Form factor

IEC320 C14Input connector

You can get more specific power information for the exact configuration of your appliance by using the Cisco

UCS Power Calculator: http://ucspowercalc.cisco.com

Note

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Review the Cisco DNA Center Appliance Features

Power Specifications

10 Gigabit Ethernet Switches

The following table lists the 10 Gigabit Ethernet Cisco switches that can currently be brought up from the

first-generation Cisco DNA Center appliance. This table will be updated as more switches are tested.

CommentCisco Part NumberCisco Switch

—N5K-C5672UPCisco Nexus 5672UP

—C6880-X-LECisco Catalyst 6880-X

Tested with the Cisco Nexus 7700

Switch Supervisor2 Enhanced

Module (Cisco part number

N77-SUP2E) installed.

N77-C7706Cisco Nexus 7700 (6-Slot)

In order for the remaining switches in this table to function properly, ensure that the following settings are

configured for both your switch and your Cisco DNA Center appliance:

•Default VLAN: Specify the same port number on your appliance and switch.

•VLAN Mode: Set Trunk mode.

See Steps 3 and 4 in Execute Preconfiguration Checks, on page 48.

—WS-C3850-48XS-S

Cisco Catalyst 3850-48XS-S

—WS-C4500X-32SFP+Cisco Catalyst 4500X-32 SFP+

—C9500-40XCisco Catalyst C9500-40X-E

—WS-C3650-48PQ-ECisco Catalyst 3650-48PQ-E

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Review the Cisco DNA Center Appliance Features

10 Gigabit Ethernet Switches

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Review the Cisco DNA Center Appliance Features

10 Gigabit Ethernet Switches

CHAPTER 2

Plan the Deployment

•Planning Workflow, on page 13

•Cisco DNA Center and Cisco Software-Defined Access, on page 14

•Interface Cable Connections, on page 14

•Required IP Addresses and Subnets, on page 17

•Required Internet URLs and Fully Qualified Domain Names, on page 21

•Provide Secure Access to the Internet, on page 24

•Required Network Ports, on page 24

•Required Ports and Protocols for Cisco Software-Defined Access, on page 26

•Required Configuration Information, on page 33

•Required First-Time Setup Information, on page 34

Planning Workflow

You must perform the following planning and information-gathering tasks before attempting to install,

configure, and set up your Cisco DNA Center appliance. After you complete these tasks, you can continue

by physically installing your appliance in the data center.

1. Review the recommended cabling and switching requirements for standalone and cluster installations.

For more information, see Interface Cable Connections.

2. Gather the IP addressing, subnetting, and other IP traffic information that you will apply during appliance

configuration. For more information, see Required IP Addresses and Subnets.

3. Prepare a solution for the required access to web-based resources. For more information, see Required

Internet URLs and Fully Qualified Domain Names and Provide Secure Access to the Internet.

4. Reconfigure your firewalls and security policies for Cisco DNA Center traffic. For more information, see

Required Network Ports. If you are using Cisco DNA Center to manage a Cisco Software-Defined Access

(SD-Access) network, also see Required Ports and Protocols for Cisco Software-Defined Access.

5. Gather the additional information used during appliance configuration and first-time setup. For more

information, see Required Configuration Information and Required First-Time Setup Information.

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Cisco DNA Center and Cisco Software-Defined Access

You can use Cisco DNA Center to manage any type of network, including networks that employ the Cisco

SD-Access fabric architecture. Cisco SD-Access transforms conventional networks into intent-based networks,

where business logic becomes a physical part of the network, making it easy to automate day-to-day tasks

such as configuration, provisioning, and troubleshooting. The Cisco SD-Access solution reduces the time

taken to adapt the network to business needs, improves issue resolutions, and reduces security-breach impacts.

A complete discussion of the Cisco SD-Access solution is outside the scope of this guide. Network architects

and administrators planning to implement a Cisco SD-Access fabric architecture for use with Cisco DNA

Center can find additional information and guidance from the following resources:

• For more information on how Cisco DNA Center leverages Cisco SD-Access to automate solutions that

are not possible with normal networking approaches and techniques, see Software Defined Access:

Enabling Intent-Based Networking.

• For guidance in using Cisco SD-Access access segmentation to enhance network security, see the

Software-Defined Access Segmentation Design Guide.

• For guidance on deploying SDA with Cisco DNA Center, see the Software-Defined Access Deployment

Guide.

• For more information on the digital network architecture that is the foundation of Cisco DNA Center

and the Cisco SD-Access solution, and the roles that other Cisco and third-party products and solutions

play in this innovative architecture, see the Cisco DNA Design Zone.

Interface Cable Connections

Connect the ports on the appliance to switches providing the following types of network access. At a minimum,

you must configure the Enterprise and Cluster port interfaces, as they are required for Cisco DNA Center

functionality.

During appliance configuration, the Maglev Configuration wizard does not let you proceed until you assign

the Cluster Link option to an interface. For both single-node and three-node deployments in a production

environment, designate port enp10so as the Cluster Link on the first-generation Cisco DNA Center appliance

(Cisco part number DN1-HW-APL).

Be aware that the interface marked as the Cluster Link cannot be changed after configuration completes. Later,

if you must change the interface marked as the Cluster Link, you are required to reimage the appliance. (For

a description of the tasks you need to complete in order to reimage your Cisco DNA Center appliance, see

Reimage the Appliance, on page 55.) With this in mind, we recommend that you set up the Cluster Port with

an IP address, so as to allow for expansion to a three-node cluster in the future. Also, make sure that the cluster

link interface is connected to a switch port and is in the UP state.

Note

•(Required) 10-Gbps Cluster Port (Port 2, enp10so, Network Adapter 1): This is the left-hand port

on the VIC 1227 card in the appliance mLOM slot. Its purpose is to enable communications among the

primary and add-on nodes in a Cisco DNA Center cluster. Connect this port to a switch with connections

to the other nodes in the cluster and configure one IP address with a subnet mask for the port.

Cisco DNA Center First-Generation Appliance Installation Guide, Release 2.1.2

Plan the Deployment

Cisco DNA Center and Cisco Software-Defined Access

Page is loading ...

Cisco DNA Center Installation guide

Brand: Cisco

Model: DNA Center

Category: Networking

Type: Installation guide

Download PDF

report

Cisco DNA Center Installation guide

Cisco DNA Center Installation guide

Related papers

Other documents